Rich Products Corporation Discloses Data Breach Affecting 200 Individuals via Third-Party Vendor
Rich Products Corporation, a Buffalo, New York-based food manufacturer with global operations, has reported a data breach impacting approximately 200 individuals. The incident stemmed from a cyberattack on First Advantage Corporation, a third-party provider of background screening and identity verification services for Rich Products.
On November 17, 2025, First Advantage detected unauthorized access to an employee’s account within its Drug & Occupational Health Screening Unit, following a sophisticated phishing attack. Investigators determined the attacker had accessed the account as early as November 13, 2025, and exfiltrated the contents of the employee’s email inbox. First Advantage responded by disabling the compromised account and implementing enhanced security measures.
Notifications to affected individuals began on April 22, 2026, nearly five months after the breach was discovered. Exposed data included names, Social Security numbers, and driver’s license information, as confirmed in filings with the Massachusetts Office of Consumer Affairs and Business Regulation. Rich Products clarified in its notification letters that no evidence of fraud or misuse of the compromised data has been identified.
First Advantage is providing affected individuals with two years of complimentary credit monitoring and identity restoration services through Cyberscout, a TransUnion subsidiary.
Rich Products, a privately held company with $5.6 billion in annual revenue and operations in over 100 countries, supplies frozen foods, bakery products, and foodservice offerings to global markets. The breach highlights the risks associated with third-party vendor vulnerabilities in supply chain security.
Rich Products Corporation cybersecurity rating report: https://www.rankiteo.com/company/richproducts
"id": "RIC1780360401",
"linkid": "richproducts",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '200 individuals',
'industry': 'Food & Beverage',
'location': 'Buffalo, New York, USA',
'name': 'Rich Products Corporation',
'size': 'Large (5.6 billion USD annual revenue)',
'type': 'Food Manufacturer'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Notification letters sent to affected individuals on '
'April 22, 2026',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '200',
'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'driver’s license '
'information',
'sensitivity_of_data': 'High (Social Security numbers, '
'driver’s license information)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2025-11-17',
'date_publicly_disclosed': '2026-04-22',
'description': 'Rich Products Corporation disclosed a data breach impacting '
'approximately 200 individuals due to a cyberattack on its '
'third-party vendor, First Advantage Corporation. The breach '
'involved unauthorized access to an employee’s account '
'following a phishing attack, leading to the exfiltration of '
'sensitive data.',
'impact': {'data_compromised': 'Names, Social Security numbers, driver’s '
'license information',
'identity_theft_risk': 'High',
'systems_affected': 'First Advantage Corporation’s Drug & '
'Occupational Health Screening Unit'},
'initial_access_broker': {'entry_point': 'Phishing attack on First Advantage '
'employee',
'reconnaissance_period': 'November 13, 2025 - '
'November 17, 2025'},
'investigation_status': 'Completed',
'lessons_learned': 'Highlights risks associated with third-party vendor '
'vulnerabilities in supply chain security.',
'post_incident_analysis': {'corrective_actions': 'Enhanced security measures, '
'credit monitoring for '
'affected individuals',
'root_causes': 'Phishing attack leading to '
'unauthorized access to an '
'employee’s email account'},
'references': [{'source': 'Massachusetts Office of Consumer Affairs and '
'Business Regulation'}],
'regulatory_compliance': {'regulatory_notifications': 'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation'},
'response': {'communication_strategy': 'Notification letters to affected '
'individuals',
'containment_measures': 'Disabled compromised account',
'remediation_measures': 'Enhanced security measures',
'third_party_assistance': 'Cyberscout (TransUnion subsidiary)'},
'title': 'Rich Products Corporation Data Breach via Third-Party Vendor',
'type': 'Data Breach',
'vulnerability_exploited': 'Compromised employee account'}